Check Point Research (CPR) shares new insights into the ransomware economy after further analyzing the Conti group leaks and various data sets related to ransomware victims. The ransom paid is a small component of the actual cost of a ransomware attack to the victim: CPR estimates the total cost to be 7x higher. Cybercriminals demand a sum that corresponds to the victim's annual revenue, ranging from 0.7% to 5%. The duration of a ransomware attack declined significantly, from 15 days to 9 days in 2021. CPR also sees that ransomware groups have clear ground rules for successful negotiation with victims, which influence the negotiation process and its dynamics.
Check Point Research (CPR) analyzed two data sets to get new insights into the ransomware economy, estimating that the collateral cost of ransomware for victims is 7 times more than the ransom paid. The first data set was Kovrr’s cyber incidents database, which contains up-to-date information on cyber events and their financial impact. The second data set was the Conti group leaks. CPR’s research aimed to explore both sides of a ransomware attack: the victims and the cybercriminals.
Key Findings
Quote: Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:
“In this research, we have provided an in-depth look into both the attackers’ and victims’ perspectives of a ransomware attack. The key learning is that the paid ransom, which is the number most researches deal with, is not a key number in the ransomware ecosystem. Both cybercriminals and victims have many other financial aspects and considerations around the attack. It’s remarkable just how systematic these cybercriminals are in defining the ransom number and in the negotiation. Nothing is casual and everything is defined and planned according to factors that we’ve described. Noteworthy is the fact that for victims, the ‘collateral cost’ of ransomware is 7 times more than the ransom they pay. Our message to the public is that building in advance proper cyber defenses, especially a well-defined response plan to ransomware attacks, can save a lot of money for organizations.”
Ransomware by the Numbers
In the first quarter of 2022, CPR is sharing the following numbers:
How to Protect yourself from Ransomware